Microsoft Corporation

Outlook on the web2016

Solution Summary

Use Case

When integrated, MicrosoftOutlook on the web end users must authenticate with RSA SecurID Access to sign in. MicrosoftOutlook on the web can integrate using RSA Authentication Agent for Web: IIS or RSA Authentication Agent for AD FS.

Integration Types

RSA Authentication Agent for Web: IIS allows you to protect selected web pages with RSA SecurID. The Web Agent software, residing on a web server (agent host), intercepts all user requests for protected web pages. When a user attempts to access a URL that RSA SecurID protects, the Web Agent requests the user name and passcode (which consists of an RSA SecurID PIN and the tokencode from the user’s authenticator) and passes them to RSA Authentication Manager for authentication. If the authentication is successful, the Web Agent stores the information in a cookie in the user’s browser. As long as the cookie remains valid, the user is granted access to protected web pages.

RSA Authentication Agent for AD FS is authentication software that connects your Microsoft Active Directory Federation Services (AD FS) server to RSA SecurID Access using the REST protocol to provide multifactor authentication capabilities for AD FS. When a user attempts to access an AD FS-protected resource, the user enters username and password credentials for primary authentication. Agent for AD FS then prompts the user to complete one or more additional authentication methods, depending on the configured authentication mode.

Agent for AD FS supports these authentication modes:

RSA Authentication Manager. Connects the agent to an existing RSA Authentication Manager instance in your deployment, making the SecurID Token method available for user authentication. You use the Operations Console, Security Console, and Self-Service Console to manage identity sources, users, and tokens.

Cloud Authentication Service. Connects the agent to the RSA SecurID Access Cloud Authentication Service, making the Authenticate Tokencode, Approve, Device Biometrics, SMS Tokencode, and Voice Tokencode methods available. If Authentication Manager is integrated with the Cloud Authentication Service, RSA SecurID Token can also be used to authenticate in this mode. You use the Cloud Administration Console to manage identity sources, users, access policies, and authentication methods.

Supported Features

This section shows all of the supported features by integration type and by RSA SecurID Access component. Use this information to determine which integration type and which RSA SecurID Access component your deployment will use.

MicrosoftOutlook on the web integration with RSA Cloud Authentication Service

Authentication Methods

Web Agent

AD FS Agent

RSA SecurID

n/a

✔

LDAP Password

n/a

✔

Authenticate Approve

n/a

✔

Authenticate Tokencode

n/a

✔

Device Biometrics

n/a

✔

SMS Tokencode

n/a

✔

Voice Tokencode

n/a

✔

FIDO Token

n/a

n/a

MicrosoftOutlook on the web integration with RSA Authentication Manager